Hi Monika, Account locking and related identity management features are not shipped OOTB with APIM. However since you use IS you should be able to get this done through IS. Is there any documentation you followed while enabling account locking ? Or any specific configurations you did while enabling account locking ?. Also can you make sure that authentication is taking place through Identity Server. (ie not from APIM)
On Mon, Mar 12, 2018 at 8:39 AM, Monika Sharma <[email protected]> wrote: > Hello Dev. Team, > > > > Please reply for my query. > > > > Thanks & Regards > > Monika Sharma > > > > *From:* Monika Sharma > *Sent:* Friday, March 9, 2018 7:28 PM > *To:* 'Chanika Geeganage'; WSO2 Developers' List; '[email protected]' > *Cc:* WSO2 Developers' List > *Subject:* RE: Query Regarding the wso2 identity server and API manager > configuration > > > > Hello dev. team > > > > I have an issue regarding the wso2 IS and API . > > > > *[Issue]* > > 1. Even by disabling the account on the WSO2 Identity Server and WSO2 API > Manager side , it is still possible to call and use the authentication API > of the WSO2 API Store management console and OAuth2 > > 2. Even by Enabling lockout setting on the WSO2 Identity server and WSO2 > API Manager side and Failing to authenticate many times , it is still > possible to call and use the authentication API of the WSO2 API Store > management console and OAuth2. > > > > I have follow the below steps : > > > > 1. Configured identity server as key manager using below link > > https://docs.wso2.com/display/AM210/Configuring+WSO2+Identit > y+Server+as+a+Key+Manager > > I am using default database (H2 database) > > 2. Registered a user in identity server and assigned role is > “internal\creator, internal\publisher, internal\subscriber” > > 3. Sing up the wso2 API store using this user > > 4. Login to the store web application as the signed-up user. > > 5. Create an Oauth application in the store application of the API > manager and subscribe to the published API using this created application. > > 6. Generate consumer key consumer secret pair for that application > and access token. This access token is used by user to access API. > > 7. This application is automatically created a Service Provider on > the WSO2 API. An internal user role was automatically created and the user > was automatically assigned to this role as well. > > 8. Now > > 9. I have check the below scenario > > User account setting on IS and API console (API store sign in user ) > > WSO2 Identity server console > > WSO2 API console > > Response return using access token > > Account Disable > > yes > > yes > > True > > Account Disable > > yes > > no > > True > > Account Disable > > no > > yes > > True > > Account Lock > > yes > > yes > > True > > Account Lock > > yes > > no > > True > > Account Lock > > no > > yes > > True > > > > > > Please let me know, Which user is disable or locked from IS and API side, > he will be able to access API in API management console of API store. And > will be able to generate access token on API console. > > > > > > Thanks & Regard > > Monika Sharma > > > > > > *From:* Chanika Geeganage [mailto:[email protected] <[email protected]> > ] > *Sent:* Thursday, March 8, 2018 9:19 AM > *To:* Monika Sharma > *Cc:* WSO2 Developers' List > *Subject:* Re: Query Regarding the wso2 identity server and API manager > configuration > > > > Hi Monika, > > It looks like a configuration issue. Please follow [1] for the APIM 2.1.0 > to configure IS as a key manager. You can check the API Manager management > console whether the SP is added correctly. For that go to Main -> Service > Providers. If it is there, the SP provider is not visible in the IS > management console can be due to a configuration issue (ie. not sharing > databases mentioned in the doc). If the SP is not in management console > that means the consumer key, secret pair is not generated for the > particular application > > > > [1] https://docs.wso2.com/display/AM210/Configuring+WSO2+Identit > y+Server+as+a+Key+Manager > > > > Thanks > > > > On Thu, Mar 8, 2018 at 8:50 AM, Monika Sharma <[email protected]> > wrote: > > Hello sir, > > > > I have query regarding the wso2 identity server and API manager > configuration. I have followed your article “[Article] How to Generate API > Manager Access Tokens Using Multi-Factor Authentication” refer link as below > > https://wso2.com/library/articles/2015/09/article-how-to- > generate-api-manager-access-tokens-using-multi-factor-authentication/ . > > My wso2 identity server version is 5.3.0 and API manager version is 2.1.0. > > According to this document application that is created by the API store of > wso2 API manager should be displayed in the wso2 identity server in service > provider section but this application is displayed in wso2 API manger > service provider section it is not displayed in identity server service > provider section .I have followed the below steps. > > > > 1. Configured the wso2 identity server as key manager for wso2 API > manager. > > 2. Create and publish an API in the API manager in the publisher > web app > > 3. Open the API Store Web application in a browser and click the > sign-up link that appears in the top, right-hand corner of the window, fill > the sign-up form that appears and click the Submit button. Before this I > have added this user in wso2 API manager and assign role as > internal/publisher. > > 4. Login to the store web application as the signed-up user. Create > an application in the store application of the API manager and subscribe to > the published API using the created application. > > 5. Generate consumer key consumer secret pair for that application. > > 6. I have login the identity serve and list down the service > providers. Created application is not listed as a service provider. > > Please let me know which configuration is required for this. > > > > Thanks & Regards > > Monika Sharma > > > > > > > -- > > Best Regards.. > > > > Chanika Geeganage > +94773522586 <077%20352%202586> > > WSO2, Inc.; http://wso2.com > > > -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453 <077%20189%202453>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
